icedtea-web
Description | Additional components for OpenJDK - Browser plug-in and Web Start implementation |
Version | 1.8.8-1 [extra] |
Resolved
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-1017 | 1.7-1 | 1.8.3-1 | High | Fixed | |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2019-10185 | AVG-1017 | High | Yes | Directory traversal | It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to... |
CVE-2019-10182 | AVG-1017 | High | Yes | Directory traversal | It was found that icedtea-web did not properly sanitize paths from `<jar/>` elements in JNLP files. An attacker could trick a victim into running a specially... |
CVE-2019-10181 | AVG-1017 | High | Yes | Insufficient validation | It was found that executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject... |